From 302a3c5f7ded0de7f26f3fdaf90547bb78903e73 Mon Sep 17 00:00:00 2001 From: Dan Poltawski Date: Wed, 2 Dec 2015 14:18:43 +0000 Subject: [PATCH] MDL-52250 npm: remove uglify-js dependency/bump grunt-contrib-uglify A) Remove direct dependency on uglify-js: This dependency was added in MDL-50277, but it isn't quite correct, the way npm installs dependencies means that grunt-contrib-uglify *could* use 'our' version if its satisifed. But does not *always* and especially does not if the grunt-contrib-uglify requirement is higher than ours. Long story short, in many cases this means that this is used: node_modules/grunt-contrib-uglify/node_modules/uglify-js But this is not: node_modules/uglify-js In MDL-50277 we thought we were making the version sticky, but in reality we were just fixing previous problems by updating grunt-contrib-uglify to a version which fixed a bug: https://github.com/gruntjs/grunt-contrib-uglify/issues/313 It seems the better solution will come with using npm shrinkwrap to lock down depdencies. B) Bump grunt-contrib-uglify to 0.11.0 This moves us to uglify-js ~2.6.0 - which doens't change any output files. --- package.json | 5 ++--- 1 file changed, 2 insertions(+), 3 deletions(-) diff --git a/package.json b/package.json index 3762cb0dd45..2ed67b50285 100644 --- a/package.json +++ b/package.json @@ -6,8 +6,7 @@ "grunt": "0.4.5", "grunt-contrib-jshint": "0.11.3", "grunt-contrib-less": "1.1.0", - "grunt-contrib-uglify": "0.9.1", - "shifter": "0.5.0", - "uglify-js": "2.4.22" + "grunt-contrib-uglify": "0.11.0", + "shifter": "0.5.0" } } -- 2.43.0